a_Mbam

Honorary Members
  • Posts: 533

Posts posted by a_Mbam

  1. Hello TW20,

    Thanks for bringing this to our attention. This warning is from our advanced ransomware scanner. Apps that have elevated privileges and that have been installed using side loading (anything installed outside of Google Play) are flagged as potential ransomware.

    Installation from outside the Play Store plus elevated privileges are big red flags. Therefore, we warn our customers that a suspicious app was installed that displays ransomware-like properties. It’s up to the user to ignore our warnings or not.

    Ransomware is particularly dangerous, and this warning gives users the ability to cut it off before it’s too late.

    We will review this app and in the meantime you can add this app to the MB for Android's 'Ignore' list.

    Regards,

    -Armando

    • Like 2
  2. Hi Fernando1025,

    I have scanned the file you sent us multiple times and do not see the FP detection. We have no rules in place for your apps.

    Could you send us screen captures of the detection, to help us track down the issue?

    MB for Android ver. 3.10.3.96
    malware database. 2022.07.19.01

    Regards,

    -Armando

  3. Hi Chris,

    Typically, when an app is uninstalled all the components are removed.

    Your pwd's and data should be okay; this one is mostly ads and web redirects.

    Could you share the app in question with us or the location where you downloaded it? I would like to have a look at the app and see its behaviors, whether it is persistent, and for our own research.

    Thanks,
    -Armando

  4. Hi Clang,


    Thanks for bringing this to our attention, browser phishing detection should work for all browsers, but there does appear to be some inconsistency. In my test of your scenario I had the opposite behavior (works on Brave not on Edge).


    Safe Browsing will work with Chrome as this is the officially supported browser, per product page.

    We apologize for the inconvenience.

    Regards,

    -Armando

    • Like 1
  5. Hi Costa,

    This app has been classified as a Monitor, because it can monitor and forward incoming messages.

    If you are familiar with the app and trust it, then you can use it and 'Ignore' the Malwarebytes detection. This type of detection is primarily to inform users who had this type of app installed unknowingly, for example someone wanting to spy on another.


    Regards,

    -Armando

    • Like 1
    • Thanks 1
  6. Hi JorgeBon,

    The site looks safe to me and no payloads were dropped. On Android you won't get the file injections or other buffer overflow type behaviors you will see with Windows browsers. Yes, typically an APK or app will need to be installed for the malware to get installed or dropped. There are no 'viruses,' as such, on Android.

    To protect yourself from apps being installed from a browser or some third party, ensure you have 'Install from Unknown Sources', 'Install unknown apps' or similar wording disabled in Android Settings.

    -Armando

    • Thanks 2
  7. Hello,

    These calendar events are created from Gmail spam, therefore Malwarebytes for Android cannot detect these as they come in. MBAM for Android is an app and file scanner and does not scan incoming Gmail.

    This must be a growing issue as Android Authority just published an article on how to remove these nasty events.

    https://www.androidauthority.com/google-calendar-spam-1022909/

    Unfortunately, Google doesn't seem to be taking action on this behavior at this time, so our only recourse is to manually remove these and DO NOT click on the embedded links.

    Regards,

    -Armando

  8. Hi Booterbotter,

    Thanks for bringing this to our attention and apologies for the late reply. It appears this app shares some characteristics of a lot of different malware out there. I would suggest that if this developer wants to have a unique app, they can use a unique digital certificate; that will help distinguish it from any other developer's app.

    Regards,

    -Armando

  9. Hi Camhart,

    Thanks for reporting this behavior. Your app is likely being flagged as potential ransomware because of the elevated privileges it requests. Also, are you side loading to install Truple?

    Do you get the same behavior if you install from the Play Store?

    In our tests we don't see your app being detected by Malwarebytes for Android when installed from the Play Store. Installation from outside the Play Store plus elevated privileges are red flags and as a security application we want to warn our customers that a suspicious app was installed and it should be reviewed. 

    Regards,

    -Armando

  10. Hi plataxis and Rk_4894,

    I suspect those apps have malicious libraries embedded in them to load dynamically. This has become a big issue where devices come preinstalled with malicious apps and the apps cannot be removed using Android's uninstaller.

    These apps on your device should not be trusted; there are a few things you can do.

    - Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.

    - Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.

    - Install a different, trusted ROM to replace the infected one. Usually reserved for advanced users, please do at your own risk.

    - Return device where purchased.

    I wish there were more options, but this is where Android's openness and built-in security collide: openness, anyone can flash a device with a custom ROM; security, you can't uninstall system apps.

    Regards,

    -Armando

  11. Hi SoLoM,

    This is an odd one for sure. One thing I can think of that might be happening is if your devices are synced to the same landing page. That page could have some rogue advertising that is causing these popups. I would suggest clearing out your browser history; it's likely a cookie that keeps pointing to these URLs. If you sync your browsers with your desktop, temporarily disable that and clean up any potential infections—the bad URL could be replicating to your mobile device.

    Regards,

    -Armando

  12. Hi Birini,

    What sites are you visiting that you are getting these redirects? These redirections are browser related; on the sites you visit are ads that are set to be delivered--the ad affiliate is serving up shady advertisements and your browsers save tabs.

    What you can try next is clearing the data stored by your browsers.
       Open Android Settings -> Apps -> Chrome/Opera -> Clear data and Clear cache OR Storage -> Clear cache (depending on Android version)

    After those steps you will lose any saved login data and open tabs.

    Regards,

    -Armando
